Cisco Support Community

EZVPN issues-Originally posted in Remote Access...moving here

All,

I've been working on this all weekend, and I can't figure out what's wrong. My requirements are that I'm about to bring up a tunnel on demand from one host inside my network to my office for only certain subnets. I've got control of both sides, router and ASA. The Cisco VPN client works fine with any of the groups that I've tried under the EZVPN, but EZVPN won't negotiate. Under a "debug crypt isakmp" it shows that none of the IKE proposals match and it fails Phase 1. On the ASA side, it only tells me that "Information Processing failed" with host x.x.x.x. I'm at a loss.

My current config on my router is attached.

In ACL 102, I've tried just "permit ip host 10.20.1.200 any" and it makes the router reload. I changed my mode to client extension, but Cisco docs say that in order to use multiple subnets, you need to have network extension enabled. That didn't work either. I've tried to use the VPN group name that the software clients use in the ASA, but it doesn't negotiate. I created a new group name for just my router, and I'm allowing only the networks that you see in the config, but that didn't work. I thought that it had something to do with my username because we authenticate to a RADIUS server, so I created a local account on the ASA and changed the group-policy to use local authentication. That didn't work either.

Any ideas? I tried to change the version on my IOS to 12.4.24 (currently at 12.4.15), but that didn't work either. The software client works fine with the group name and user name that I've put in the router.

Thanks,

John

HTH, John *** Please rate all useful posts ***
1 REPLY

Re: EZVPN issues-Originally posted in Remote Access...moving her

Anyone? Here's what I get on the ASA:

%ASA-4-713903: Group = CiscoRouterEZVPN, IP = 99.x.x.x, Information Exchange processing failed

%ASA-4-713903: Group = CiscoRouterEZVPN, IP = 99.x.x.x, Information Exchange processing failed

%ASA-3-713902: Group = CiscoRouterEZVPN, IP = 99.x.x.x, Removing peer from peer table failed, no match!

%ASA-4-713903: Group = CiscoRouterEZVPN, IP = 99.x.x.x, Error: Unable to remove PeerTblEntry

HTH, John *** Please rate all useful posts ***